Improper Certificate Validation in RabbitMQ Java Client Library - #VU137272
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to intercept and modify transmitted data.
The vulnerability exists due to improper certificate validation in ConnectionFactory.useSslProtocol() and TrustEverythingTrustManager when establishing TLS connections without explicit trust configuration. A remote attacker can present a crafted certificate to perform a man-in-the-middle attack to intercept and modify transmitted data.
Hostname verification is disabled by default, which further facilitates exploitation.